Notes generated: Mon Dec 09 05:06:59 CET 2024
None.
Issue | Description |
---|---|
JDK-8290367 |
Update Default Value and Extend the Scope of com.sun.jndi.ldap.object.trustSerialData System Property In this release, the JDK implementation of the LDAP provider no longer supports deserialization of Java objects by default:
The transparent deserialization of Java objects from an LDAP context will now require an explicit opt-in. Applications that rely on reconstruction of Java objects or RMI stubs from the LDAP attributes would need to set the |
Issue | Description |
---|---|
JDK-8193682 |
Default JDK Compressor Will Be Closed when IOException Is Encountered
|
Issue | Description | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
JDK-8279164 |
Disabled TLS_ECDH Cipher Suites The TLSECDH cipher suites have been disabled by default, by adding "ECDH" to the Please note that this change has no effect on the TLS_ECDHE cipher suites, which are still enabled by default. |
||||||||||||||||||||
JDK-8337664 |
Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024 The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust. TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected. The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024. An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:
If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the The restrictions are imposed on the following Entrust Root certificates included in the JDK:
You can also use the
If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server. |
||||||||||||||||||||
JDK-8341059 |
Distrust TLS Server Certificates Anchored by Entrust Root Certificates and Issued After Nov 11, 2024 The JDK will stop trusting TLS server certificates issued after November 11, 2024 and anchored by Entrust root certificates, in line with similar plans recently announced by Google and Mozilla. The list of affected certificates includes certificates branded as AffirmTrust, which are managed by Entrust. TLS server certificates issued on or before November 11, 2024 will continue to be trusted until they expire. Certificates issued after that date, and anchored by any of the Certificate Authorities in the table below, will be rejected. The restrictions will be enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after November 11, 2024. An application will receive an Exception with a message indicating the trust anchor is not trusted, for example:
If necessary, and at your own risk, you can work around the restrictions by removing "ENTRUST_TLS" from the The restrictions are imposed on the following Entrust Root certificates included in the JDK:
You can also use the
If any of the certificates in the chain are issued by one of the root CAs in the table above are listed in the output you will need to update the certificate or contact the organization that manages the server. |
Issue | Description |
---|---|
JDK-8341057 |
Added SSL.com TLS Root CA Certificates Issued in 2022 The following root certificates have been added to the cacerts truststore: ``` + SSL.com + ssltlsrootecc2022 DN: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
|
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8298887 | On the latest macOS+XCode the Robot API may report wrong colors |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8318951 | Additional negative value check in JPEG decoding |
P3 | JDK-8311666 | Disabled tests in test/jdk/sun/java2d/marlin |
P4 | JDK-8337312 | [8u] Windows x86 VS2010 build broken by JDK-8320097 |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-6544871 | java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows. |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8266248 | Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5 |
P4 | JDK-7188098 | TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8327007 | javax/swing/JSpinner/8008657/bug8008657.java fails |
P4 | JDK-8264328 | Broken license in javax/swing/JComboBox/8072767/bug8072767.java |
P4 | JDK-8221903 | PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04 |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8326351 | Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1 |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8238274 | (sctp) JDK-7118373 is not fixed for SctpChannel |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8030795 | java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option |
Priority | Bug | Summary |
---|---|---|
P2 | JDK-8284771 | java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" |
P4 | JDK-8335894 | [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir |
P4 | JDK-8299677 | Formatter.format might take a long time to format an integer or floating-point |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8278794 | Infinite loop in DeflaterOutputStream.finish() |
P4 | JDK-8193682 | Infinite loop in ZipOutputStream.close() |
P4 | JDK-8315117 | Update Zlib Data Compression Library to Version 1.3 |
P4 | JDK-8324632 | Update Zlib Data Compression Library to Version 1.3.1 |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8305400 | ISO 4217 Amendment 175 Update |
P3 | JDK-8321480 | ISO 4217 Amendment 176 Update |
P3 | JDK-8334653 | ISO 4217 Amendment 177 Update |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8196770 | Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java |
P3 | JDK-8290367 | Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property |
P4 | JDK-8251188 | Update LDAP tests not to use wildcard addresses |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8030204 | com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found |
P4 | JDK-4660158 | TTY: NumberFormatException while trying to set values by 'set' command |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8145919 | sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials |
P4 | JDK-8335851 | [8u] Test JMXStartStopTest.java fails after JDK-8334415 |
P4 | JDK-8035395 | sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8313626 | C2 crash due to unexpected exception control flow |
P3 | JDK-8021775 | compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50" |
P4 | JDK-8233364 | Fix undefined behavior in Canonicalizer::do_ShiftOp |
Priority | Bug | Summary |
---|---|---|
P3 | JDK-8316328 | Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8305931 | jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none" |
P4 | JDK-8326521 | JFR: CompilerPhase event test fails on windows 32 bit |
P4 | JDK-8326529 | JFR: Test for CompilerCompile events fails due to time out |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8309138 | Fix container tests for jdks with symlinked conf dir |
P4 | JDK-8152207 | Perform array bound checks while getting a length of bytecode instructions |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8337110 | [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8333669 | [8u] GHA: Dead VS2010 download link |
P4 | JDK-8331730 | [8u] GHA: update sysroot for cross builds to Debian bullseye |
P4 | JDK-8315863 | [GHA] Update checkout action to use v4 |
P4 | JDK-8137329 | [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging" |
P4 | JDK-8075511 | Enable -Woverloaded-virtual C++ warning for HotSpot build |
P4 | JDK-8281096 | Flags introduced by configure script are not passed to ADLC build |
P4 | JDK-8318039 | GHA: Bump macOS and Xcode versions |
P4 | JDK-8336928 | GHA: Bundle artifacts removal broken |
P4 | JDK-8324723 | GHA: Upgrade some actions to avoid deprecated Node 16 |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8338144 | [8u] Remove duplicate license files |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8333126 | Bump update version of OpenJDK: 8u432 |
Priority | Bug | Summary |
---|---|---|
P2 | JDK-8341057 | Add 2 SSL.com TLS roots |
Priority | Bug | Summary |
---|---|---|
P2 | JDK-8341059 | Change Entrust TLS distrust date to November 12, 2024 |
P3 | JDK-8279164 | Disable TLS_ECDH_* cipher suites |
P3 | JDK-8337664 | Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs |
Priority | Bug | Summary |
---|---|---|
P4 | JDK-8320964 | sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese |